After upgrading to Symantec Encryption Management Server 3.2, Symantec Drive Encryption clients with SKM keys that use gateway email encryption are unable to decrypt email messages if an ADK was used to encrypt the message. Without an ADK, senders are unable to encrypt messages.
SKM keys are being renewed without the flag for messaging.
A new option was added in version 3.2 to allow users to receive encrypted email in the Consumer Policy.
Through the Symantec Encryption Management Server Administration interface go to:
Choose the affected Consumer Policy
Click the “Edit…” button to the right of Key generation and management options
Go to the Options tab. In the Products Usage section, check the box next to Allow users to receive encrypted email, then click the “Save” button.
Once this has been saved in the consumer policy, users' keys need to be updated to add the messaging flag. To do this, you need SSH access to the Symantec Encryption Management Server. If you do not already have access to the server via SSH, you can follow the instructions in this KB to continue: